Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-6994-1
Vulnerability from osv_ubuntu
It was discovered that Netty did not properly sanitize its input parameters. A remote attacker could possibly use this issue to cause a crash. (CVE-2023-34462)
It was discovered that Netty incorrectly handled request cancellation. A remote attacker could possibly use this issue to cause Netty to consume resources, leading to a denial of service. (CVE-2023-44487)
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-34462",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-44487",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-4+deb11u2build0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-4+deb11u2build0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.1.48-4+deb11u2build0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-4",
"1:4.1.48-4+deb11u1build0.22.04.1"
]
}
],
"aliases": [],
"details": "It was discovered that Netty did not properly sanitize its input\nparameters. A remote attacker could possibly use this issue to cause a\ncrash. (CVE-2023-34462)\n\nIt was discovered that Netty incorrectly handled request cancellation. A\nremote attacker could possibly use this issue to cause Netty to consume\nresources, leading to a denial of service. (CVE-2023-44487)\n",
"id": "USN-6994-1",
"modified": "2026-04-27T14:11:36Z",
"published": "2024-09-05T20:39:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6994-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-34462"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-44487"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "netty vulnerabilities",
"upstream": [
"UBUNTU-CVE-2023-34462",
"UBUNTU-CVE-2023-44487"
]
}
ubuntu-cve-2023-34462
Vulnerability from osv_ubuntu
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. The SniHandler class is a handler that waits for the TLS handshake to configure a SslHandler according to the indicated server name by the ClientHello record. For this matter it allocates a ByteBuf using the value defined in the ClientHello record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the SslClientHelloHandler. This vulnerability has been fixed in version 4.1.94.Final.
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-4+deb11u2build0.22.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-4+deb11u2build0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.1.48-4+deb11u2build0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-4",
"1:4.1.48-4+deb11u1build0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-9"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-9?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.1.48-9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-7",
"1:4.1.48-8"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-10ubuntu0.25.10.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-10ubuntu0.25.10.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-10",
"1:4.1.48-10ubuntu0.25.10.1",
"1:4.1.48-10ubuntu0.25.10.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libnetty-buffer-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
},
{
"binary_name": "libnetty-common-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
},
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-16ubuntu0.1~esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:26.04:LTS",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-16ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-10",
"1:4.1.48-11",
"1:4.1.48-12",
"1:4.1.48-13",
"1:4.1.48-14",
"1:4.1.48-16",
"1:4.1.48-16ubuntu0.1~esm2"
]
}
],
"aliases": [],
"details": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.",
"id": "UBUNTU-CVE-2023-34462",
"modified": "2026-06-08T16:18:47Z",
"published": "2023-06-22T23:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-34462"
},
{
"type": "REPORT",
"url": "https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845"
},
{
"type": "REPORT",
"url": "https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6994-1"
}
],
"related": [
"USN-6994-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-34462"
]
}
ubuntu-cve-2023-44487
Vulnerability from osv_ubuntu
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
{
"affected": [
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libnghttp2-14",
"binary_version": "1.7.1-1ubuntu0.1~esm2"
},
{
"binary_name": "nghttp2",
"binary_version": "1.7.1-1ubuntu0.1~esm2"
},
{
"binary_name": "nghttp2-client",
"binary_version": "1.7.1-1ubuntu0.1~esm2"
},
{
"binary_name": "nghttp2-proxy",
"binary_version": "1.7.1-1ubuntu0.1~esm2"
},
{
"binary_name": "nghttp2-server",
"binary_version": "1.7.1-1ubuntu0.1~esm2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "nghttp2",
"purl": "pkg:deb/ubuntu/nghttp2@1.7.1-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.1-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.7-1",
"1.3.4-2",
"1.4.0-1",
"1.4.0-2",
"1.5.0-2",
"1.6.0-1",
"1.7.0-1",
"1.7.1-1",
"1.7.1-1ubuntu0.1~esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "haproxy",
"binary_version": "1.8.8-1ubuntu0.13+esm3"
},
{
"binary_name": "vim-haproxy",
"binary_version": "1.8.8-1ubuntu0.13+esm3"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "haproxy",
"purl": "pkg:deb/ubuntu/haproxy@1.8.8-1ubuntu0.13+esm3?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.8-1ubuntu0.13+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.7.9-1ubuntu1",
"1.7.9-1ubuntu2",
"1.8.4-1",
"1.8.7-1",
"1.8.8-1",
"1.8.8-1ubuntu0.1",
"1.8.8-1ubuntu0.2",
"1.8.8-1ubuntu0.3",
"1.8.8-1ubuntu0.4",
"1.8.8-1ubuntu0.6",
"1.8.8-1ubuntu0.7",
"1.8.8-1ubuntu0.8",
"1.8.8-1ubuntu0.9",
"1.8.8-1ubuntu0.10",
"1.8.8-1ubuntu0.11",
"1.8.8-1ubuntu0.13",
"1.8.8-1ubuntu0.13+esm2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libnghttp2-14",
"binary_version": "1.30.0-1ubuntu1+esm2"
},
{
"binary_name": "nghttp2",
"binary_version": "1.30.0-1ubuntu1+esm2"
},
{
"binary_name": "nghttp2-client",
"binary_version": "1.30.0-1ubuntu1+esm2"
},
{
"binary_name": "nghttp2-proxy",
"binary_version": "1.30.0-1ubuntu1+esm2"
},
{
"binary_name": "nghttp2-server",
"binary_version": "1.30.0-1ubuntu1+esm2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "nghttp2",
"purl": "pkg:deb/ubuntu/nghttp2@1.30.0-1ubuntu1+esm2?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.30.0-1ubuntu1+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.25.0-1",
"1.27.0-1",
"1.28.0-1",
"1.29.0-1",
"1.29.0-1build1",
"1.30.0-1",
"1.30.0-1ubuntu1",
"1.30.0-1ubuntu1+esm1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "h2o",
"binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "libh2o-dev-common",
"binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "libh2o-evloop0.13",
"binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
},
{
"binary_name": "libh2o0.13",
"binary_version": "2.2.4+dfsg-1ubuntu0.1~esm2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "h2o",
"purl": "pkg:deb/ubuntu/h2o@2.2.4+dfsg-1ubuntu0.1~esm2?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.4+dfsg-1ubuntu0.1~esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.3+dfsg-2",
"2.2.4+dfsg-1",
"2.2.4+dfsg-1build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "nodejs",
"binary_version": "8.10.0~dfsg-2ubuntu0.4+esm6"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "nodejs",
"purl": "pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm6?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.10.0~dfsg-2ubuntu0.4+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.11.4~dfsg-1ubuntu1",
"6.11.4~dfsg-1ubuntu2",
"6.12.0~dfsg-1ubuntu1",
"6.12.0~dfsg-2ubuntu1",
"6.12.0~dfsg-2ubuntu2",
"8.10.0~dfsg-2",
"8.10.0~dfsg-2ubuntu0.2",
"8.10.0~dfsg-2ubuntu0.3",
"8.10.0~dfsg-2ubuntu0.4",
"8.10.0~dfsg-2ubuntu0.4+esm1",
"8.10.0~dfsg-2ubuntu0.4+esm2",
"8.10.0~dfsg-2ubuntu0.4+esm3",
"8.10.0~dfsg-2ubuntu0.4+esm4",
"8.10.0~dfsg-2ubuntu0.4+esm5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libtomcat8-embed-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm4"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "tomcat8",
"purl": "pkg:deb/ubuntu/tomcat8@8.5.39-1ubuntu1~18.04.3+esm4?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.5.39-1ubuntu1~18.04.3+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.5.21-1ubuntu1",
"8.5.29-1",
"8.5.30-1",
"8.5.30-1ubuntu1",
"8.5.30-1ubuntu1.2",
"8.5.30-1ubuntu1.3",
"8.5.30-1ubuntu1.4",
"8.5.39-1ubuntu1~18.04.1",
"8.5.39-1ubuntu1~18.04.2",
"8.5.39-1ubuntu1~18.04.3",
"8.5.39-1ubuntu1~18.04.3+esm1",
"8.5.39-1ubuntu1~18.04.3+esm2",
"8.5.39-1ubuntu1~18.04.3+esm3"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm5"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "tomcat9",
"purl": "pkg:deb/ubuntu/tomcat9@9.0.16-3ubuntu0.18.04.2+esm5?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.16-3ubuntu0.18.04.2+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.16-3~18.04.1",
"9.0.16-3ubuntu0.18.04.1",
"9.0.16-3ubuntu0.18.04.2",
"9.0.16-3ubuntu0.18.04.2+esm1",
"9.0.16-3ubuntu0.18.04.2+esm2",
"9.0.16-3ubuntu0.18.04.2+esm3",
"9.0.16-3ubuntu0.18.04.2+esm4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnghttp2-14",
"binary_version": "1.40.0-1ubuntu0.2"
},
{
"binary_name": "nghttp2",
"binary_version": "1.40.0-1ubuntu0.2"
},
{
"binary_name": "nghttp2-client",
"binary_version": "1.40.0-1ubuntu0.2"
},
{
"binary_name": "nghttp2-proxy",
"binary_version": "1.40.0-1ubuntu0.2"
},
{
"binary_name": "nghttp2-server",
"binary_version": "1.40.0-1ubuntu0.2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "nghttp2",
"purl": "pkg:deb/ubuntu/nghttp2@1.40.0-1ubuntu0.2?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.40.0-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.39.2-1",
"1.40.0-1",
"1.40.0-1build1",
"1.40.0-1ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.31-1ubuntu0.9"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.31-1ubuntu0.9"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "tomcat9",
"purl": "pkg:deb/ubuntu/tomcat9@9.0.31-1ubuntu0.9?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.31-1ubuntu0.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.24-1",
"9.0.27-1",
"9.0.31-1",
"9.0.31-1ubuntu0.1",
"9.0.31-1ubuntu0.2",
"9.0.31-1ubuntu0.3",
"9.0.31-1ubuntu0.4",
"9.0.31-1ubuntu0.5",
"9.0.31-1ubuntu0.6",
"9.0.31-1ubuntu0.7",
"9.0.31-1ubuntu0.8"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "h2o",
"binary_version": "2.2.5+dfsg2-3ubuntu0.1~esm1"
},
{
"binary_name": "libh2o-dev-common",
"binary_version": "2.2.5+dfsg2-3ubuntu0.1~esm1"
},
{
"binary_name": "libh2o-evloop0.13",
"binary_version": "2.2.5+dfsg2-3ubuntu0.1~esm1"
},
{
"binary_name": "libh2o0.13",
"binary_version": "2.2.5+dfsg2-3ubuntu0.1~esm1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "h2o",
"purl": "pkg:deb/ubuntu/h2o@2.2.5+dfsg2-3ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5+dfsg2-3ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.5+dfsg2-3",
"2.2.5+dfsg2-3build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libnode64",
"binary_version": "10.19.0~dfsg-3ubuntu1.6+esm2"
},
{
"binary_name": "nodejs",
"binary_version": "10.19.0~dfsg-3ubuntu1.6+esm2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "nodejs",
"purl": "pkg:deb/ubuntu/nodejs@10.19.0~dfsg-3ubuntu1.6+esm2?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.19.0~dfsg-3ubuntu1.6+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"10.15.2~dfsg-2ubuntu1",
"10.17.0~dfsg-2ubuntu4",
"10.17.0~dfsg-2ubuntu6",
"10.19.0~dfsg-3ubuntu1",
"10.19.0~dfsg-3ubuntu1.1",
"10.19.0~dfsg-3ubuntu1.2",
"10.19.0~dfsg-3ubuntu1.3",
"10.19.0~dfsg-3ubuntu1.5",
"10.19.0~dfsg-3ubuntu1.6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "trafficserver",
"binary_version": "8.0.5+ds-3ubuntu0.1~esm1"
},
{
"binary_name": "trafficserver-experimental-plugins",
"binary_version": "8.0.5+ds-3ubuntu0.1~esm1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "trafficserver",
"purl": "pkg:deb/ubuntu/trafficserver@8.0.5+ds-3ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.5+ds-3ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.5+ds-1",
"8.0.5+ds-2",
"8.0.5+ds-2build1",
"8.0.5+ds-2ubuntu1",
"8.0.5+ds-3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "aspnetcore-runtime-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "aspnetcore-targeting-pack-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-apphost-pack-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-host",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-hostfxr-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-runtime-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-6.0-source-built-artifacts",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-targeting-pack-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-templates-6.0",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet6",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
},
{
"binary_name": "netstandard-targeting-pack-2.1",
"binary_version": "6.0.123-0ubuntu1~22.04.1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "dotnet6",
"purl": "pkg:deb/ubuntu/dotnet6@6.0.123-0ubuntu1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.123-0ubuntu1~22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"6.0.108-0ubuntu1~22.04.1",
"6.0.109-0ubuntu1~22.04.1",
"6.0.110-0ubuntu1~22.04.1",
"6.0.111-0ubuntu1~22.04.1",
"6.0.113-0ubuntu1~22.04.1",
"6.0.116-0ubuntu1~22.04.1",
"6.0.118-0ubuntu1~22.04.1",
"6.0.119-0ubuntu1~22.04.1",
"6.0.120-0ubuntu1~22.04.1",
"6.0.121-0ubuntu1~22.04.1",
"6.0.122-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "aspnetcore-runtime-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "aspnetcore-targeting-pack-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-apphost-pack-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-host-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-hostfxr-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-runtime-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-sdk-7.0-source-built-artifacts",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-targeting-pack-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet-templates-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "dotnet7",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
},
{
"binary_name": "netstandard-targeting-pack-2.1-7.0",
"binary_version": "7.0.112-0ubuntu1~22.04.1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "dotnet7",
"purl": "pkg:deb/ubuntu/dotnet7@7.0.112-0ubuntu1~22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.0.112-0ubuntu1~22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.0.105-0ubuntu1~22.04.1",
"7.0.107-0ubuntu1~22.04.1",
"7.0.108-0ubuntu1~22.04.1",
"7.0.109-0ubuntu1~22.04.1",
"7.0.110-0ubuntu1~22.04.1",
"7.0.111-0ubuntu1~22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnetty-java",
"binary_version": "1:4.1.48-4+deb11u2build0.22.04.1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "netty",
"purl": "pkg:deb/ubuntu/netty@1:4.1.48-4+deb11u2build0.22.04.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.1.48-4+deb11u2build0.22.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.1.48-4",
"1:4.1.48-4+deb11u1build0.22.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libnghttp2-14",
"binary_version": "1.43.0-1ubuntu0.1"
},
{
"binary_name": "nghttp2",
"binary_version": "1.43.0-1ubuntu0.1"
},
{
"binary_name": "nghttp2-client",
"binary_version": "1.43.0-1ubuntu0.1"
},
{
"binary_name": "nghttp2-proxy",
"binary_version": "1.43.0-1ubuntu0.1"
},
{
"binary_name": "nghttp2-server",
"binary_version": "1.43.0-1ubuntu0.1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "nghttp2",
"purl": "pkg:deb/ubuntu/nghttp2@1.43.0-1ubuntu0.1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.43.0-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.43.0-1",
"1.43.0-1build1",
"1.43.0-1build2",
"1.43.0-1build3"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.58-1ubuntu0.2"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.58-1ubuntu0.2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "tomcat9",
"purl": "pkg:deb/ubuntu/tomcat9@9.0.58-1ubuntu0.2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.0.58-1ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"9.0.43-3",
"9.0.54-1",
"9.0.55-1",
"9.0.58-1",
"9.0.58-1ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "dnsdist",
"binary_version": "1.6.1-1ubuntu0.1~esm1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "dnsdist",
"purl": "pkg:deb/ubuntu/dnsdist@1.6.1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.1-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.5.1-3build2",
"1.6.1-1build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "h2o",
"binary_version": "2.2.5+dfsg2-6.1ubuntu2+esm1"
},
{
"binary_name": "libh2o-dev-common",
"binary_version": "2.2.5+dfsg2-6.1ubuntu2+esm1"
},
{
"binary_name": "libh2o-evloop0.13",
"binary_version": "2.2.5+dfsg2-6.1ubuntu2+esm1"
},
{
"binary_name": "libh2o0.13",
"binary_version": "2.2.5+dfsg2-6.1ubuntu2+esm1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "h2o",
"purl": "pkg:deb/ubuntu/h2o@2.2.5+dfsg2-6.1ubuntu2+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.5+dfsg2-6.1ubuntu2+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.2.5+dfsg2-6",
"2.2.5+dfsg2-6.1",
"2.2.5+dfsg2-6.1ubuntu1",
"2.2.5+dfsg2-6.1ubuntu2"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libnode72",
"binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2"
},
{
"binary_name": "nodejs",
"binary_version": "12.22.9~dfsg-1ubuntu3.6+esm2"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "nodejs",
"purl": "pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.6+esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22.9~dfsg-1ubuntu3.6+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"12.22.5~dfsg-5ubuntu1",
"12.22.7~dfsg-2ubuntu1",
"12.22.7~dfsg-2ubuntu3",
"12.22.9~dfsg-1ubuntu2",
"12.22.9~dfsg-1ubuntu3",
"12.22.9~dfsg-1ubuntu3.1",
"12.22.9~dfsg-1ubuntu3.2",
"12.22.9~dfsg-1ubuntu3.3",
"12.22.9~dfsg-1ubuntu3.4",
"12.22.9~dfsg-1ubuntu3.5",
"12.22.9~dfsg-1ubuntu3.6"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "trafficserver",
"binary_version": "9.1.1+ds-2ubuntu0.1~esm1"
},
{
"binary_name": "trafficserver-experimental-plugins",
"binary_version": "9.1.1+ds-2ubuntu0.1~esm1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "trafficserver",
"purl": "pkg:deb/ubuntu/trafficserver@9.1.1+ds-2ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.1.1+ds-2ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.1.1+ds-1.1",
"9.1.1+ds-2build1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "aspnetcore-runtime-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "aspnetcore-targeting-pack-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-apphost-pack-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-host-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-hostfxr-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-runtime-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-sdk-8.0",
"binary_version": "8.0.100-0ubuntu1"
},
{
"binary_name": "dotnet-sdk-8.0-source-built-artifacts",
"binary_version": "8.0.100-0ubuntu1"
},
{
"binary_name": "dotnet-targeting-pack-8.0",
"binary_version": "8.0.0-0ubuntu1"
},
{
"binary_name": "dotnet-templates-8.0",
"binary_version": "8.0.100-0ubuntu1"
},
{
"binary_name": "dotnet8",
"binary_version": "8.0.100-8.0.0-0ubuntu1"
},
{
"binary_name": "netstandard-targeting-pack-2.1-8.0",
"binary_version": "8.0.100-0ubuntu1"
}
],
"priority_reason": "Listed in CISA Known Exploited Vulnerabilities Catalog"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "dotnet8",
"purl": "pkg:deb/ubuntu/dotnet8@8.0.100-8.0.0-0ubuntu1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.100-8.0.0-0ubuntu1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.100-8.0.0~rc1-0ubuntu1",
"8.0.100-8.0.0~rc2-0ubuntu1",
"8.0.100-8.0.0~rc2-0ubuntu2"
]
}
],
"aliases": [],
"details": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"id": "UBUNTU-CVE-2023-44487",
"modified": "2026-04-22T07:45:27Z",
"published": "2023-10-10T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-44487"
},
{
"type": "REPORT",
"url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
},
{
"type": "REPORT",
"url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
},
{
"type": "REPORT",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"
},
{
"type": "REPORT",
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
},
{
"type": "REPORT",
"url": "https://my.f5.com/manage/s/article/K000137106"
},
{
"type": "REPORT",
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
},
{
"type": "REPORT",
"url": "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html"
},
{
"type": "REPORT",
"url": "https://devblogs.microsoft.com/dotnet/october-2023-updates/"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6427-1"
},
{
"type": "REPORT",
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
},
{
"type": "REPORT",
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6427-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6438-1"
},
{
"type": "REPORT",
"url": "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6505-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6574-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6754-1"
},
{
"type": "REPORT",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6994-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7067-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7410-1"
},
{
"type": "REPORT",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"type": "REPORT",
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7469-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7469-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7469-3"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7469-4"
},
{
"type": "REPORT",
"url": "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released"
},
{
"type": "REPORT",
"url": "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7892-1"
}
],
"related": [
"USN-6427-1",
"USN-6427-2",
"USN-6438-1",
"USN-6505-1",
"USN-6574-1",
"USN-6754-1",
"USN-6994-1",
"USN-7067-1",
"USN-7410-1",
"USN-7469-1",
"USN-7469-2",
"USN-7469-3",
"USN-7469-4",
"USN-7892-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2023-44487"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.